Finnish residents lost almost 5 million euros to online bank fraud
Finnish police have raised an alarm about a trend criminal phenomenon: online scammers are seizing millions of euros by phishing for online banking details on fake websites imitating genuine banking websites.
The police have received more than 360 reports of banking frauds so far this year.
Criminal damages in these cases amount close to 5 million euros. And attention: approximately 50% of the crimes were committed during the past three weeks.
According to police information, fake banking websites are most often accessed either through malicious links within text messages or emails that were seemingly sent by a bank or search results produced by a search engine.
Those malicious links are designed by criminals, and once the link is clicked, the customer is then asked to log into their own online bank. When the customer types the bank's name on a search engine, such as Google or Bing, the fake website may appear higher in the results than the genuine banking site.
The victims of fraud assume that they are logging into their online bank, but they actually give away their details on a website maintained by criminals.
Criminals then use the details to access the victim's online bank, whereas the victims receive a request for verification of the logins. As the victims verify the login, the criminals gain access to the online bank.
Not always easy to detect
Detective Chief Inspector Petteri Laitila of the National Bureau of Investigation explains that phishing websites are cleverly designed, and "it is not always easy to detect them as fake. It may even be impossible to distinguish a fake site from a genuine one."
According to Laitila, in the past the usual victims of fraud were senior citizens, but criminals have developed more and more sophisticated modus operandi, and now people of all ages have become victims.
"If you type your bank's name on a search engine, the results may not include the genuine webpage at all, but the search engine returns the phishing site on the highest place in the results instead. Authorities and the private sector strive to detect and remove fake sites from search results and on the internet, but new fake sites keep being created and the name of the bank may change," says Laitila.
Police recommend customers to use the bank's own mobile apps or bookmarked pages.
"If you think that criminals have gotten your online banking details, it is of utmost importance that you contact your bank immediately," reads the statement.
Recommendations to avoid fraud
- When accessing your banking website, do not click links within unsolicited text messages or emails or the search results returned by search engines.
- Bookmark your banking website or add it to Favourites.
- The safest way is to use your bank's mobile app.
- Share information about the phenomenon with your family and friends.
When you believe that criminals have got your online banking details or detect unsolicited incoming or outgoing payments on your account, it is extremely important that you contact your bank straightaway and then report the crime to the police.
Various kinds of cyber frauds
Banking fraud is only part of a wider phenomenon. The police have received more than 900 reports of various kinds of cyber frauds. The damage caused exceeds 13.5 million euros.
However, the total amount obtained from the scams could be much higher.
"There are several types of cyber crime. Criminals are continuously developing new ways to commit frauds on the Internet. In addition to banks, criminals also try to imitate websites of well-known companies," says Laitila.
Many people have also received calls from fake Microsoft 'technical support services'. These are scammers who try to get the user to give them control of their computers or smartphones.
"As a rule, unexpected telephone calls from technical support services are scams," the police warn.
The police advise customers not to disclose their personal information, banking credentials on the Internet, not to click on unwanted links, or to download software sent or requested by an unsolicited sender, such as software that allows remote access.